Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-14465

Remove maximum password length setting

    XMLWordPrintable

Details

    • Improvement
    • Status: Unverified Fix (View Workflow)
    • Major
    • Resolution: Fixed
    • 3.1.7-pl1, 3.2.0-b1
    • 3.3.0-b1
    • None
    • None

    Description

      There is no point in having this setting, since there is no point in having a maximum password length.
      It will just lower security for users if admins that don't know or don't care about this setting just let them as they are when the board is installed.

      The few cases where way too long passwords can cause a DoS are catched with a hardcoded maximum length of 4096 which should be more than enough for everyone.

      Attachments

        Issue Links

          is related to

          New Feature - A new feature of the product, which has yet to be developed. PHPBB3-11327 Implement reset password functionality via form instead of sending password

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Unverified Fix

          Activity

            People

              Marc Marc
              Elsensee Oliver Schramm [X] (Inactive)
              Votes:
              4 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: